Posts Tagged ‘surveillance’

NSA Whistleblower Thomas Drake speaks at National Press Club

July 7, 2013

Edward Snowden is not the only NSA whistleblower. Another is Thomas Drake.

GCHQ taps fibre-optic cables for secret access to world’s communications

June 21, 2013

Exclusive: British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal

GCHQ Mastering the Internet

GCHQ Mastering the Internet

Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called “the largest programme of suspicionless surveillance in human history”.

“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”

However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.

Britain’s technical capacity to tap into the cables that carry the world’s communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.

By 2010, two years after the project was first trialled, it was able to boast it had the “biggest internet access” of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.

UK officials could also claim GCHQ “produces larger amounts of metadata than NSA”. (Metadata describes basic information on who has been contacting whom, without detailing the content.)

By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: “We have a light oversight regime compared with the US”.

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was “your call”.

The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

The documents reveal that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.

GCHQ collect it all

GCHQ collect it all

Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.

And the scale of the programme is constantly increasing as more cables are tapped and GCHQ data storage facilities in the UK and abroad are expanded with the aim of processing terabits (thousands of gigabits) of data at a time.

For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.

The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.

The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.

This was done under secret agreements with commercial companies, described in one document as “intercept partners”.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

“There’s an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice.”

The source said that although GCHQ was collecting a “vast haystack of data” what they were looking for was “needles”.

“Essentially, we have a process that allows us to select a small number of needles in a haystack. We are not looking at every piece of straw. There are certain triggers that allow you to discard or not examine a lot of data so you are just looking at needles. If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other,” the source said.

He explained that when such “needles” were found a log was made and the interception commissioner could see that log.

“The criteria are security, terror, organised crime. And economic well-being. There’s an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don’t have the resources.”

However, the legitimacy of the operation is in doubt. According to GCHQ’s legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.

However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.

Parliament passed the Ripa law to allow GCHQ to trawl for information, but it did so 13 years ago with no inkling of the scale on which GCHQ would attempt to exploit the certificates, enabling it to gather and process data regardless of whether it belongs to identified targets.

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ’s compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.

An indication of how broad the dragnet can be was laid bare in advice from GCHQ’s lawyers, who said it would be impossible to list the total number of people targeted because “this would be an infinite list which we couldn’t manage”.

There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: “So far they have always found in our favour”.

Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA’s intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.”

By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK’s position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.

The data collected provides a powerful tool in the hands of the security agencies, enabling them to sift for evidence of serious crime. According to the source, it has allowed them to discover new techniques used by terrorists to avoid security checks and to identify terrorists planning atrocities. It has also been used against child exploitation networks and in the field of cyberdefence.

It was claimed on Friday that it directly led to the arrest and imprisonment of a cell in the Midlands who were planning co-ordinated attacks; to the arrest of five Luton-based individuals preparing acts of terror, and to the arrest of three London-based people planning attacks prior to the Olympics.

As the probes began to generate data, GCHQ set up a three-year trial at the GCHQ station in Bude, Cornwall. By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. “This is a massive amount of data!” as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials. In the autumn of 2011, it launched Tempora as a mainstream programme, shared with the Americans.

The intercept probes on the transatlantic cables gave GCHQ access to its special source exploitation. Tempora allowed the agency to set up internet buffers so it could not simply watch the data live but also store it – for three days in the case of content and 30 days for metadata.

“Internet buffers represent an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data,” one document explained.

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to “selectors” – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is “content”, such as recordings of phone calls or the substance of email messages. The rest is metadata.

The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency’s comparative advantage as the world’s leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ’s capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: “You are in an enviable position – have fun and make the most of it.”

Published in The Guardian.

Papers for the arrest of Edward Snowden for spying have been filed in the US. They are now trying to extradite him from Hong Kong.

In the NSA we trust: The trouble with faith in an omniscient state

June 17, 2013

Too many Americans think of their nation as inherently Christian and worthy of absolute trust, but the state is not benign

NSA surveillance

NSA surveillance

It’s nothing new, this fear that there is someone out there watching my every move, knowing my inmost thoughts. It used to be a fear of God. Now it’s a fear of Google, the NSA and GCHQ. In other words, we have invented a secular form of omniscience. For the sake of argument let us bracket out the question of whether this God actually exists. For present purposes, I am interested in how human beings have historically reacted to the prospect of there being some powerful agent/agency who knows everything about us. Thousands of years ago, the psalmist had it thus:

“O Lord, you have searched me and known me. You know when I sit down and when I rise up; you discern my thoughts from far away. You search out my path and my lying down, and are acquainted with all my ways. Even before a word is on my tongue, O Lord, you know it completely. You hem me in, behind and before, and lay your hand upon me. Such knowledge is too wonderful for me; it is so high that I cannot attain it. Where can I go from your spirit? Or where can I flee from your presence? If I ascend to heaven, you are there; if I make my bed in Sheol, you are there.” (Psalm 139 vv. 1-8)

But, the psalmist concludes, if we having nothing to hide, why worry? “Search me, O God, and know my heart; test me and know my thoughts. See if there is any wicked way in me, and lead me in the way everlasting.” This is not dissimilar to Barack Obama’s line that in the trade-off between security and privacy, we ought to trust the listening spooks not to misuse information they gather about us, that they are working in our best interests. But, whatever one thinks of (let’s call it) the God idea, the big difference between God almighty and the secular almighty, is that the former is supposed to be benign, indeed the very epitome of love itself, whereas I don’t think it entirely uncontroversial to say that the NSA is not.

The problem is, however, that too many Americans think of their nation as inherently Christian, as set apart by God. For all their supposed separation of church and state, and for all their supposed suspicion of big government, in the end a significant proportion of Americans believe in America in the same way that they believe in God. They over-identify the Christian “we” with the American “we” – as Stanley Hauerwas puts it. In 1956, the USA replaced its unofficial motto, E pluribus unum (Out of the many, one), with an official motto, “In God we Trust”.

Thus the state not so subtly claims for itself the same level of trust that Christians have in the almighty – thereby answering the initial fear that the psalmist has about absolute surveillance with the reassurance that the powers that be are benign and have our ultimate interests at heart. Nothing could be more dangerous than this, that the state deserves absolute trust. Which is why it is worth stating and restating the theologically obvious: the NSA is not God – however much it might aspire to the absolute power of omniscience.

— Giles Fraser

Published in The Guardian.

We may trust God to watch over us. We should never trust the state.

GCHQ intercepted foreign politicians’ communications at G20 summits

June 17, 2013

Exclusive: phones were monitored and fake internet cafes set up to gather information from allies in London in 2009

Documents uncovered by the NSA whistleblower, Edward Snowden, reveal surveillance of G20 delegates' emails and BlackBerrys

Documents uncovered by the NSA whistleblower, Edward Snowden, reveal surveillance of G20 delegates’ emails and BlackBerrys

Foreign politicians and officials who took part in two G20 summit meetings in London in 2009 had their computers monitored and their phone calls intercepted on the instructions of their British government hosts, according to documents seen by the Guardian. Some delegates were tricked into using internet cafes which had been set up by British intelligence agencies to read their email traffic.

The revelation comes as Britain prepares to host another summit on Monday – for the G8 nations, all of whom attended the 2009 meetings which were the object of the systematic spying. It is likely to lead to some tension among visiting delegates who will want the prime minister to explain whether they were targets in 2009 and whether the exercise is to be repeated this week.

The disclosure raises new questions about the boundaries of surveillance by GCHQ and its American sister organisation, the National Security Agency, whose access to phone records and internet data has been defended as necessary in the fight against terrorism and serious crime. The G20 spying appears to have been organised for the more mundane purpose of securing an advantage in meetings. Named targets include long-standing allies such as South Africa and Turkey.

There have often been rumours of this kind of espionage at international conferences, but it is highly unusual for hard evidence to confirm it and spell out the detail. The evidence is contained in documents – classified as top secret – which were uncovered by the NSA whistleblower Edward Snowden and seen by the Guardian. They reveal that during G20 meetings in April and September 2009 GCHQ used what one document calls “ground-breaking intelligence capabilities” to intercept the communications of visiting delegations.

This included:

• Setting up internet cafes where they used an email interception programme and key-logging software to spy on delegates’ use of computers;

• Penetrating the security on delegates’ BlackBerrys to monitor their email messages and phone calls;

• Supplying 45 analysts with a live round-the-clock summary of who was phoning who at the summit;

• Targeting the Turkish finance minister and possibly 15 others in his party;

• Receiving reports from an NSA attempt to eavesdrop on the Russian leader, Dmitry Medvedev, as his phone calls passed through satellite links to Moscow.

The documents suggest that the operation was sanctioned in principle at a senior level in the government of the then prime minister, Gordon Brown, and that intelligence, including briefings for visiting delegates, was passed to British ministers.

A briefing paper dated 20 January 2009 records advice given by GCHQ officials to their director, Sir Iain Lobban, who was planning to meet the then foreign secretary, David Miliband. The officials summarised Brown’s aims for the meeting of G20 heads of state due to begin on 2 April, which was attempting to deal with the economic aftermath of the 2008 banking crisis. The briefing paper added: “The GCHQ intent is to ensure that intelligence relevant to HMG’s desired outcomes for its presidency of the G20 reaches customers at the right time and in a form which allows them to make full use of it.” Two documents explicitly refer to the intelligence product being passed to “ministers”.

One of the GCHQ documents

One of the GCHQ documents

According to the material seen by the Guardian, GCHQ generated this product by attacking both the computers and the telephones of delegates.

One document refers to a tactic which was “used a lot in recent UK conference, eg G20”. The tactic, which is identified by an internal codeword which the Guardian is not revealing, is defined in an internal glossary as “active collection against an email account that acquires mail messages without removing them from the remote server”. A PowerPoint slide explains that this means “reading people’s email before/as they do”.

The same document also refers to GCHQ, MI6 and others setting up internet cafes which “were able to extract key logging info, providing creds for delegates, meaning we have sustained intelligence options against them even after conference has finished”. This appears to be a reference to acquiring delegates’ online login details.

Another document summarises a sustained campaign to penetrate South African computers, recording that they gained access to the network of their foreign ministry, “investigated phone lines used by High Commission in London” and “retrieved documents including briefings for South African delegates to G20 and G8 meetings”. (South Africa is a member of the G20 group and has observer status at G8 meetings.)

Another excerpt from the GCHQ documents

Another excerpt from the GCHQ documents

A detailed report records the efforts of the NSA’s intercept specialists at Menwith Hill in North Yorkshire to target and decode encrypted phone calls from London to Moscow which were made by the Russian president, Dmitry Medvedev, and other Russian delegates.

Other documents record apparently successful efforts to penetrate the security of BlackBerry smartphones: “New converged events capabilities against BlackBerry provided advance copies of G20 briefings to ministers … Diplomatic targets from all nations have an MO of using smartphones. Exploited this use at the G20 meetings last year.”

The operation appears to have run for at least six months. One document records that in March 2009 – the month before the heads of state meeting – GCHQ was working on an official requirement to “deliver a live dynamically updating graph of telephony call records for target G20 delegates … and continuing until G20 (2 April).”

Another document records that when G20 finance ministers met in London in September, GCHQ again took advantage of the occasion to spy on delegates, identifying the Turkish finance minister, Mehmet Simsek, as a target and listing 15 other junior ministers and officials in his delegation as “possible targets”. As with the other G20 spying, there is no suggestion that Simsek and his party were involved in any kind of criminal offence. The document explicitly records a political objective – “to establish Turkey’s position on agreements from the April London summit” and their “willingness (or not) to co-operate with the rest of the G20 nations”.

The September meeting of finance ministers was also the subject of a new technique to provide a live report on any telephone call made by delegates and to display all of the activity on a graphic which was projected on to the 15-sq-metre video wall of GCHQ’s operations centre as well as on to the screens of 45 specialist analysts who were monitoring the delegates.

“For the first time, analysts had a live picture of who was talking to who that updated constantly and automatically,” according to an internal review.

A second review implies that the analysts’ findings were being relayed rapidly to British representatives in the G20 meetings, a negotiating advantage of which their allies and opposite numbers may not have been aware: “In a live situation such as this, intelligence received may be used to influence events on the ground taking place just minutes or hours later. This means that it is not sufficient to mine call records afterwards – real-time tip-off is essential.”

In the week after the September meeting, a group of analysts sent an internal message to the GCHQ section which had organised this live monitoring: “Thank you very much for getting the application ready for the G20 finance meeting last weekend … The call records activity pilot was very successful and was well received as a current indicator of delegate activity …

“It proved useful to note which nation delegation was active during the moments before, during and after the summit. All in all, a very successful weekend with the delegation telephony plot.”

Published by The Guardian.

PRISM part of a much larger government surveillance program

June 16, 2013

Companies have been handling requests from the FBI for years, under a program called US-98XN

 National Security Agency building at Fort Meade

National Security Agency building at Fort Meade

WASHINGTON (AP) — In the months and early years after 9/11, FBI agents began showing up at Microsoft Corp. more frequently than before, armed with court orders demanding information on customers.

Around the world, government spies and eavesdroppers were tracking the email and Internet addresses used by suspected terrorists. Often, those trails led to the world’s largest software company and, at the time, largest email provider.

The agents wanted email archives, account information, practically everything, and quickly. Engineers compiled the data, sometimes by hand, and delivered it to the government.

Often there was no easy way to tell if the information belonged to foreigners or Americans. So much data was changing hands that one former Microsoft employee recalls that the engineers were anxious about whether the company should cooperate.

Inside Microsoft, some called it “Hoovering” — not after the vacuum cleaner, but after J. Edgar Hoover, the first FBI director, who gathered dirt on countless Americans.

This frenetic, manual process was the forerunner to Prism, the recently revealed highly classified National Security Agency program that seizes records from Internet companies. As laws changed and technology improved, the government and industry moved toward a streamlined, electronic process, which required less time from the companies and provided the government data in a more standard format.

The revelation of Prism this month by the Washington Post and Guardian newspapers has touched off the latest round in a decade-long debate over what limits to impose on government eavesdropping, which the Obama administration says is essential to keep the nation safe.

But interviews with more than a dozen current and former government and technology officials and outside experts show that, while Prism has attracted the recent attention, the program actually is a relatively small part of a much more expansive and intrusive eavesdropping effort.

Americans who disapprove of the government reading their emails have more to worry about from a different and larger NSA effort that snatches data as it passes through the fiber optic cables that make up the Internet’s backbone. That program, which has been known for years, copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis.

Whether by clever choice or coincidence, Prism appears to do what its name suggests. Like a triangular piece of glass, Prism takes large beams of data and helps the government find discrete, manageable strands of information.

The fact that it is productive is not surprising; documents show it is one of the major sources for what ends up in the president’s daily briefing. Prism makes sense of the cacophony of the Internet’s raw feed. It provides the government with names, addresses, conversation histories and entire archives of email inboxes.

Many of the people interviewed for this report insisted on anonymity because they were not authorized to publicly discuss a classified, continuing effort. But those interviews, along with public statements and the few public documents available, show there are two vital components to Prism’s success.

The first is how the government works closely with the companies that keep people perpetually connected to each other and the world. That story line has attracted the most attention so far.

The second and far murkier one is how Prism fits into a larger U.S. wiretapping program in place for years.

___

Deep in the oceans, hundreds of cables carry much of the world’s phone and Internet traffic. Since at least the early 1970s, the NSA has been tapping foreign cables. It doesn’t need permission. That’s its job.

But Internet data doesn’t care about borders. Send an email from Pakistan to Afghanistan and it might pass through a mail server in the United States, the same computer that handles messages to and from Americans. The NSA is prohibited from spying on Americans or anyone inside the United States. That’s the FBI’s job and it requires a warrant.

Despite that prohibition, shortly after the Sept. 11 attacks, President George W. Bush secretly authorized the NSA to plug into the fiber optic cables that enter and leave the United States, knowing it would give the government unprecedented, warrantless access to Americans’ private conversations.

Tapping into those cables allows the NSA access to monitor emails, telephone calls, video chats, websites, bank transactions and more. It takes powerful computers to decrypt, store and analyze all this information, but the information is all there, zipping by at the speed of light.

“You have to assume everything is being collected,” said Bruce Schneier, who has been studying and writing about cryptography and computer security for two decades.

The New York Times disclosed the existence of this effort in 2005. In 2006, former AT&T technician Mark Klein revealed that the company had allowed the NSA to install a computer at its San Francisco switching center, a spot where fiber optic cables enter the U.S.

What followed was the most significant debate over domestic surveillance since the 1975 Church Committee, a special Senate committee led by Sen. Frank Church, D-Idaho, reined in the CIA and FBI for spying on Americans.

Unlike the recent debate over Prism, however, there were no visual aids, no easy-to-follow charts explaining that the government was sweeping up millions of emails and listening to phone calls of people accused of no wrongdoing.

The Bush administration called it the “Terrorist Surveillance Program” and said it was keeping the United States safe.

“This program has produced intelligence for us that has been very valuable in the global war on terror, both in terms of saving lives and breaking up plots directed at the United States,” Vice President Dick Cheney said at the time.

The government has said it minimizes all conversations and emails involving Americans. Exactly what that means remains classified. But former U.S. officials familiar with the process say it allows the government to keep the information as long as it is labeled as belonging to an American and stored in a special, restricted part of a computer.

That means Americans’ personal emails can live in government computers, but analysts can’t access, read or listen to them unless the emails become relevant to a national security investigation.

The government doesn’t automatically delete the data, officials said, because an email or phone conversation that seems innocuous today might be significant a year from now.

What’s unclear to the public is how long the government keeps the data. That is significant because the U.S. someday will have a new enemy. Two decades from now, the government could have a trove of American emails and phone records it can tap to investigative whatever Congress declares a threat to national security.

The Bush administration shut down its warrantless wiretapping program in 2007 but endorsed a new law, the Protect America Act, which allowed the wiretapping to continue with changes: The NSA generally would have to explain its techniques and targets to a secret court in Washington, but individual warrants would not be required.

Congress approved it, with Sen. Barack Obama, D-Ill., in the midst of a campaign for president, voting against it.

“This administration also puts forward a false choice between the liberties we cherish and the security we provide,” Obama said in a speech two days before that vote. “I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorists without undermining our Constitution and our freedom.”

___

When the Protect America Act made warrantless wiretapping legal, lawyers and executives at major technology companies knew what was about to happen.

One expert in national security law, who is directly familiar with how Internet companies dealt with the government during that period, recalls conversations in which technology officials worried aloud that the government would trample on Americans’ constitutional right against unlawful searches, and that the companies would be called on to help.

The logistics were about to get daunting, too.

For years, the companies had been handling requests from the FBI. Now Congress had given the NSA the authority to take information without warrants. Though the companies didn’t know it, the passage of the Protect America Act gave birth to a top-secret NSA program, officially called US-98XN.

It was known as Prism. Though many details are still unknown, it worked like this:

Every year, the attorney general and the director of national intelligence spell out in a classified document how the government plans to gather intelligence on foreigners overseas.

By law, the certification can be broad. The government isn’t required to identify specific targets or places.

A federal judge, in a secret order, approves the plan.

With that, the government can issue “directives” to Internet companies to turn over information.

While the court provides the government with broad authority to seize records, the directives themselves typically are specific, said one former associate general counsel at a major Internet company. They identify a specific target or groups of targets. Other company officials recall similar experiences.

All adamantly denied turning over the kind of broad swaths of data that many people believed when the Prism documents were first released.

“We only ever comply with orders for requests about specific accounts or identifiers,” Microsoft said in a statement.

Facebook said it received between 9,000 and 10,000 demands requests for data from all government agencies in the second half of last year. The social media company said fewer than 19,000 users were targeted.

How many of those were related to national security is unclear, and likely classified. The numbers suggest each request typically related to one or two people, not a vast range of users.

Tech company officials were unaware there was a program named Prism. Even former law enforcement and counterterrorism officials who were on the job when the program went live and were aware of its capabilities said this past week that they didn’t know what it was called.

What the NSA called Prism, the companies knew as a streamlined system that automated and simplified the “Hoovering” from years earlier, the former assistant general counsel said. The companies, he said, wanted to reduce their workload. The government wanted the data in a structured, consistent format that was easy to search.

Any company in the communications business can expect a visit, said Mike Janke, CEO of Silent Circle, a company that advertises software for secure, encrypted conversations. The government is eager to find easy ways around security.

“They do this every two to three years,” said Janke, who said government agents have approached his company but left empty-handed because his computer servers store little information. “They ask for the moon.”

That often creates tension between the government and a technology industry with a reputation for having a civil libertarian bent. Companies occasionally argue to limit what the government takes. Yahoo even went to court and lost in a classified ruling in 2008, The New York Times reported Friday.

“The notion that Yahoo gives any federal agency vast or unfettered access to our users’ records is categorically false,” Ron Bell, the company’s general counsel, said recently.

Under Prism, the delivery process varied by company.

Google, for instance, says it makes secure file transfers. Others use contractors or have set up stand-alone systems. Some have set up user interfaces making it easier for the government, according to a security expert familiar with the process.

Every company involved denied the most sensational assertion in the Prism documents: that the NSA pulled data “directly from the servers” of Microsoft, Yahoo, Google, Facebook, AOL and more.

Technology experts and a former government official say that phrasing, taken from a PowerPoint slide describing the program, was likely meant to differentiate Prism’s neatly organized, company-provided data from the unstructured information snatched out of the Internet’s major pipelines.

In slide made public by the newspapers, NSA analysts were encouraged to use data coming from both Prism and from the fiber-optic cables.

Prism, as its name suggests, helps narrow and focus the stream. If eavesdroppers spot a suspicious email among the torrent of data pouring into the United States, analysts can use information from Internet companies to pinpoint the user.

With Prism, the government gets a user’s entire email inbox. Every email, including contacts with American citizens, becomes government property.

Once the NSA has an inbox, it can search its huge archives for information about everyone with whom the target communicated. All those people can be investigated, too.

That’s one example of how emails belonging to Americans can become swept up in the hunt.

In that way, Prism helps justify specific, potentially personal searches. But it’s the broader operation on the Internet fiber optics cables that actually captures the data, experts agree.

“I’m much more frightened and concerned about real-time monitoring on the Internet backbone,” said Wolf Ruzicka, CEO of EastBanc Technologies, a Washington software company. “I cannot think of anything, outside of a face-to-face conversation, that they could not have access to.”

One unanswered question, according to a former technology executive at one of the companies involved, is whether the government can use the data from Prism to work backward.

For example, not every company archives instant message conversations, chat room exchanges or videoconferences. But if Prism provided general details, known as metadata, about when a user began chatting, could the government “rewind” its copy of the global Internet stream, find the conversation and replay it in full?

That would take enormous computing, storage and code-breaking power. It’s possible the NSA could use supercomputers to decrypt some transmissions, but it’s unlikely it would have the ability to do that in volume. In other words, it would help to know what messages to zero in on.

Whether the government has that power and whether it uses Prism this way remains a closely guarded secret.

___

A few months after Obama took office in 2009, the surveillance debate reignited in Congress because the NSA had crossed the line. Eavesdroppers, it turned out, had been using their warrantless wiretap authority to intercept far more emails and phone calls of Americans than they were supposed to.

Obama, no longer opposed to the wiretapping, made unspecified changes to the process. The government said the problems were fixed.

“I came in with a healthy skepticism about these programs,” Obama explained recently. “My team evaluated them. We scrubbed them thoroughly. We actually expanded some of the oversight, increased some of the safeguards.”

Years after decrying Bush for it, Obama said Americans did have to make tough choices in the name of safety.

“You can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience,” the president said.

Obama’s administration, echoing his predecessor’s, credited the surveillance with disrupting several terrorist attacks. Leading figures from the Bush administration who endured criticism during Obama’s candidacy have applauded the president for keeping the surveillance intact.

Jason Weinstein, who recently left the Justice Department as head of its cybercrime and intellectual property section, said it’s no surprise Obama continued the eavesdropping.

“You can’t expect a president to not use a legal tool that Congress has given him to protect the country,” he said. “So, Congress has given him the tool. The president’s using it. And the courts are saying ‘The way you’re using it is OK.’ That’s checks and balances at work.”

Schneier, the author and security expert, said it doesn’t really matter how Prism works, technically. Just assume the government collects everything, he said.

He said it doesn’t matter what the government and the companies say, either. It’s spycraft, after all.

“Everyone is playing word games,” he said. “No one is telling the truth.”

___

Associated Press writers Eileen Sullivan, Peter Svensonn, Adam Goldman, Michael Liedtke and Monika Mathur contributed to this report.

Associated Press report published by Salon.

Leaks Are Vital For Democracy and the NSA Revelations Are the Quintessential Example Why

June 14, 2013

When looking back at the past decade, it’s hard to think of a constitutional scandal that wasn’t first brought to the public’s attention by a leak to the press. Bush’s NSA warrantless wiretapping program, black site prisons, torture, CIA drone strikes, and offensive cyberattacks are just some of the examples.

Leaks, while controversial, remain vital to democracy when the government shuts off traditional avenues of transparency and accountability. And there has never been a better example of this than the recent revelations by NSA whistleblower Edward Snowden.

Unfortunately, many lawmakers have spent the last week criticizing Snowden’s actions rather than scrutinizing the programs he’s exposed and the system that led him to do what he did. In the past five years, the government has systematically cut off congressional oversight, Freedom of Information Act requests, and the federal courts as avenues to hold the NSA accountable. Similarly, whistleblower protection laws have provided no protection those like Snowden who might wish to bring abuses to light.

In Congress, the intelligence committees have teamed up with the Obama administration and rejected even modest transparency and oversight amendments to both the Patriot Act and FISA Amendments Act in the last two years, despite ample evidence of abuse.

In federal courts, the Justice Department has used a variety of procedural moves to prevent judges from ruling on whether the NSA warrantless wiretapping program is constitutional – including ‘standing,’ ‘sovereign immunity,’ and the pernicious ‘state secrets’ privilege.

Freedom of Information Act lawsuits about the secret Patriot Act interpretations (exposed by the Verizon court order) and secret FISA court decisions have been met with absurd and Kafkaesque arguments to prevent even the administration’s interpretation of a public law from being made public.

And importantly, Congress recently passed the Whistleblower Protection Act and purposely excluded government contractors like Snowden (of which there are more than a million). So if he went through official channels he would have been provided no protection, unlike what some misguided commentators have suggested. Snowden would’ve been stifled, fired, or worse.

These efforts, taken altogether, have meant these programs have stayed largely secret and out of the public eye for the last five years. But look at what has happened in just one last week since journalists Glenn Greenwald, Laura Poitras, and others, started publishing stories based on information given to them by Snowden:

–Senators confirmed the leaked Verizon FISA order is real, orders like it are “routine,” and that the NSA has been collected all American phone records for seven years —information the administration has fought to keep secret for since 2010.

–President Obama suddenly called for debate over the surveillance program, despite trying to cut off debate on the subject for years.

–Dozens of Congressmen said they did not know the full scope of the NSA’s domestic surveillance, despite the administration’s public claims that every member of Congress has been read in.

–In response to PRISM leak, DNI Clapper declassified portions of the program and explains how it relates to broad collection of data under section 702 of the FISA Amendments Act—which they’ve avoided for years.

–Both Google and Facebook publicly demanded that the government allow them to tell the public how many users are affected by secret FISA orders—something they should have done years ago.

–ACLU filed a lawsuit alleging the government collection of all American phone records under PATRIOT Act is unconstitutional, after having their prior suit over the FISA Amendments Act dismissed just moths ago for lack of evidence.

–Possible Congressional hearings about whether Director of National Intelligence James Clapper lied to Congress when he definitively told Congress the NSA was not gathering data on millions of Americans.

— A group of eight Senators introduced a law requiring the FISA court declassifying some of its secret interpretations of law.

–Key lawmakers signaled their wish review the scope of the PATRIOT Act, including its author, despite renewing key sections with no oversight only two years ago.

–Many lawmakers plan to introduce a variety of legislation, and many groups plan to file lawsuits, regarding NSA spying in the coming days and weeks.

Now, those who wish to use the new revelations to instill permanent structural changes have a long way to go before the government gets there. And it’s possible the American people will simply choose to continue these programs, despite their Orwellian undertones. But the fact that this debate is finally happening, and that the Americans will—for the first time—be informed about what the government is doing in their name, cannot be understated.

Without Edward Snowden, none of this would be possible.

— Trevor Timm

Published by Freedom of the Press Foundation.

Sales of Nineteen Eighty-Four soar

June 13, 2013

One of the consequences of the expose by Edward Snowden of the NSA PRISM mass surveillance programme is that sales of Nineteen Eighty-Four by George Orwell have soared.

What we have seen is Big Brother writ large.

Published in 1949, Nineteen Eighty-Four is a chilling account of the future, where everything we do is monitored by Big Brother. Nothing we do escapes the attention of Big Brother, and if we err and incur the displeasure, we will be exposed and destroyed.

Revelation of PRISM has caused a huge backlash in the US, but this is nothing compared with the outrage across Europe.

There has also been some brutal attacks, calling Edward Snowden a traitor and worse. One rabid politician practically foaming at the mouth has called for all journalists associated with Edward Snowden to be prosecuted.

But these are the exceptions.

There are calls for hearings, investigations, for James Clapper National Director Intelligence to be prosecuted, questions are being asked how did PRISM come about.

DNI James Clapper appears to have lied to Congress in previous testimony, hence the calls for him to be prosecuted, and if he lied about PRISM, what else did he lie about?

Back at an open Congressional hearing on 12 March, Sen Ron Wyden (D-Ore.) asked Clapper, “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied, “No sir … not wittingly.” As we all now know, he was lying.

Nor was this a spontaneous lie or a lie he regretted making. Sen Ron Wyden revealed in a recent statement that he’d given Clapper advance notice that he would ask the question and that, after the hearing, he offered Clapper a chance to revise his answer. Clapper didn’t take the offer.

Speaking once PRISM was exposed, James Clapper comes across as a bumbling buffoon, a complete moron. How did this idiot ever get appointed as Director of National Intelligence?

One of the biggest lies peddled by Clapper is that mass surveillance deals with terrorism.

One of the least threats facing us is terrorism, but it is used a bogey man to clamp down on civil liberties, to infiltrate and disrupt democratic challenges to the status quo. We deal with terrorism, by addressing the causes. We track down terrorists, use good old fashioned police work. Maybe US should look to its drone attacks.

Ai Weiwei says U.S. surveillance reminds him of China

June 12, 2013
Chinese activist Ai Weiwei

Chinese activist Ai Weiwei

Chinese activist Ai Weiwei has had his share of experience with heavy-handed treatment by the government, having been detained for 81 days by China’s secret police in 2011. Now the Beijing-based artist says another country reminds him of China: the United States.

In a column in The Guardian this morning, Ai harshly criticizes the U.S. government for the NSA’s PRISM Internet surveillance program — a program The Guardian has been at the forefront of reporting on over the past week.

“Privacy is a basic human right, one of the very core values,” Ai writes. “There is no guarantee that China, the US or any other government will not use the information falsely or wrongly. I think especially that a nation like the US, which is technically advanced, should not take advantage of its power. It encourages other nations.”

In another comparison that Americans are unlikely to appreciate, Ai adds, “In the Soviet Union before, in China today, and even in the US, officials always think what they do is necessary, and firmly believe they do what is best for the state and the people. But the lesson that people should learn from history is the need to limit state power.”

Praise for Edward Snowden, the leaker behind the PRISM story who was last seen in Hong Kong, has been widespread in China.

“This is the definition of heroism,” wrote one Chinese blogger. “Doing this proves he genuinely cares about this country and about his country’s citizens. All countries need someone like him!”

“This young fellow truly is a human rights warrior!” declared the well-known nationalist writer Wang Xiaodong. “He has now fled to Chinese territory, and must be protected. We must withstand U.S. pressure, and make a contribution to world human rights!”

Ai doesn’t mention Snowden explicitly in his column, but the Chinese dissident may very well feel the same way.

Published by WP Social Reader.

Obama v Obama

June 11, 2013

Obama debates with Obama, the merits or ills of mass surveillance.

Which Obama was right?

As the old adage says, power corrupts, absolute power corrupts absolutely.

Edward Snowden: Saving us from the United Stasi of America

June 10, 2013

Snowden’s whistleblowing gives us a chance to roll back what is tantamount to an ‘executive coup’ against the US constitution.

In my estimation, there has not been in American history a more important leak than Edward Snowden’s release of NSA material – and that definitely includes the Pentagon Papers 40 years ago. Snowden’s whistleblowing gives us the possibility to roll back a key part of what has amounted to an “executive coup” against the US constitution.

Since 9/11, there has been, at first secretly but increasingly openly, a revocation of the bill of rights for which this country fought over 200 years ago. In particular, the fourth and fifth amendments of the US constitution, which safeguard citizens from unwarranted intrusion by the government into their private lives, have been virtually suspended.

The government claims it has a court warrant under Fisa – but that unconstitutionally sweeping warrant is from a secret court, shielded from effective oversight, almost totally deferential to executive requests. As Russell Tice, a former National Security Agency analyst, put it: “It is a kangaroo court with a rubber stamp.”

For the president then to say that there is judicial oversight is nonsense – as is the alleged oversight function of the intelligence committees in Congress. Not for the first time – as with issues of torture, kidnapping, detention, assassination by drones and death squads –they have shown themselves to be thoroughly co-opted by the agencies they supposedly monitor. They are also black holes for information that the public needs to know.

The fact that congressional leaders were “briefed” on this and went along with it, without any open debate, hearings, staff analysis, or any real chance for effective dissent, only shows how broken the system of checks and balances is in this country.

Obviously, the United States is not now a police state. But given the extent of this invasion of people’s privacy, we do have the full electronic and legislative infrastructure of such a state. If, for instance, there was now a war that led to a large-scale anti-war movement – like the one we had against the war in Vietnam – or, more likely, if we suffered one more attack on the scale of 9/11, I fear for our democracy. These powers are extremely dangerous.

There are legitimate reasons for secrecy, and specifically for secrecy about communications intelligence. That’s why Bradley Mannning and I – both of whom had access to such intelligence with clearances higher than top-secret – chose not to disclose any information with that classification. And it is why Edward Snowden has committed himself to withhold publication of most of what he might have revealed.

But what is not legitimate is to use a secrecy system to hide programs that are blatantly unconstitutional in their breadth and potential abuse. Neither the president nor Congress as a whole may by themselves revoke the fourth amendment – and that’s why what Snowden has revealed so far was secret from the American people.

In 1975, Senator Frank Church spoke of the National Security Agency in these terms:

“I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return.”

The dangerous prospect of which he warned was that America’s intelligence gathering capability – which is today beyond any comparison with what existed in his pre-digital era – “at any time could be turned around on the American people and no American would have any privacy left.”

That has now happened. That is what Snowden has exposed, with official, secret documents. The NSA, FBI and CIA have, with the new digital technology, surveillance powers over our own citizens that the Stasi – the secret police in the former “democratic republic” of East Germany – could scarcely have dreamed of. Snowden reveals that the so-called intelligence community has become the United Stasi of America.

So we have fallen into Senator Church’s abyss. The questions now are whether he was right or wrong that there is no return from it, and whether that means that effective democracy will become impossible. A week ago, I would have found it hard to argue with pessimistic answers to those conclusions.

But with Edward Snowden having put his life on the line to get this information out, quite possibly inspiring others with similar knowledge, conscience and patriotism to show comparable civil courage – in the public, in Congress, in the executive branch itself – I see the unexpected possibility of a way up and out of the abyss.

Pressure by an informed public on Congress to form a select committee to investigate the revelations by Snowden and, I hope, others to come might lead us to bring NSA and the rest of the intelligence community under real supervision and restraint and restore the protections of the bill of rights.

Snowden did what he did because he recognised the NSA’s surveillance programs for what they are: dangerous, unconstitutional activity. This wholesale invasion of Americans’ and foreign citizens’ privacy does not contribute to our security; it puts in danger the very liberties we’re trying to protect.

— Daniel Ellsberg

Published in The Guardian.

It was The Guardian that first exposed the PRISM mass surveillance programme operated by NSA.

Please sign the petition to the House Oversight Committee and Senate Judiciary Committee to demand an immediate investigation of this spying.

The world owes a huge debt of gratitude to the courage of whistleblower Edward Snowden. Please sign the petition thanking him.